Crypt and compression [Re: question....]

Jim Gillogly (jim@mentat.com)
Wed, 2 Sep 98 18:54:35 PDT

• Next message: Ben Laurie: "Re: Algebraic cryptanalysis ?"
• Previous message: Bernardo B. Terrado: "question...."
• In reply to: Mike Rosing: "Re: Algebraic cryptanalysis ?"
• Next in thread: Bernardo B. Terrado: "Re: Crypt and compression [Re: question....]"
• Reply: Bernardo B. Terrado: "Re: Crypt and compression [Re: question....]"
• Reply: Bernardo B. Terrado: "Re: Crypt and compression [Re: question....]"

Bernardo B. Terrado writes:
> I have read that in Unix's crypt,
> let me put it this way
> the "book" suggested that

The book? What book?
>
> One solution for the weakness of crypt
> is, first compress the plaintext then run crypt on the
> compressed data
> moreover it said that compressed data looks like random noise (so it
> would be very hard to decipher)

Depends on the compression scheme.

> My question is this,
> In case the ciphertext is deciphered, the "decipheree" will not know
> what compression scheme the "encipheree" used? what if he uses many
> decompression softwares, could he still get the plaintext ?

First, what are you trying to achieve? If you simply want to keep your
data private, why not use a stronger algorithm, such as the ones used
in PGP?

Second, the amount of protection you get from this will depend
on the resources and energy of the attacker. However, Robert H.
Morris (NSA, ret.) offered the dictum "Never underestimate the amount
of effort the enemy will undertake to get your plaintext."

The easiest attack on crypt is if the plaintext is in English or
some other standard ASCII-based language. In this case one can
use Crypt Breaker's Workbench by Bob Baldwin, available at the
usual sites. However, the docs say it can't be used on binary files.
Assume, then, that your attacker will start with CBW and modify it
to work with binary files.

If the compression used is the old standard Unix "compress" it
shouldn't be impossible if there's enough ciphertext, since "compress"
is quite heavy on NULs. The same is true of both GIF and JPEG. Gzip,
however, has a very flat table and would make the recovery
challenging. Some of the standard compression packages like gzip and
pkzip leave some known plaintext at the beginning as recognition
characters, and that's important for the attacker. If the attacker can
guess the beginning of your plaintext (e.g. "#include <stdio.h>" or
something) she's got an even better chance.

However, with good compression and no hints even a weak encryption
system gives a surprising amount of help. ARJ, for example, uses
a Vigenere-like encryption, and if there is only one file in the
ARJ package it's difficult to spot patterns in it.

I know, that's more than you wanted to hear, so here's an executive
summary: if you really care about your data, use stronger encryption
than "crypt (1)" and don't worry about ways to put band-aids on it.

        Jim Gillogly

• Next message: Ben Laurie: "Re: Algebraic cryptanalysis ?"
• Previous message: Bernardo B. Terrado: "question...."
• In reply to: Mike Rosing: "Re: Algebraic cryptanalysis ?"
• Next in thread: Bernardo B. Terrado: "Re: Crypt and compression [Re: question....]"
• Reply: Bernardo B. Terrado: "Re: Crypt and compression [Re: question....]"
• Reply: Bernardo B. Terrado: "Re: Crypt and compression [Re: question....]"